Understanding the Legality & Security of eSignatures

In the age of digital transformation, companies are scrambling to find a balance between providing delightful transactions for users and maintaining strong legal and security measures should those transactions ever become the subject of a court case.

By outsourcing eSignature collection to a software platform that provides the bank-level security, detailed audit trails, thorough authentication, and diligent compliance protocols we’ll explore today; organizations will be able to maximize the legality and security of their online transactions without putting the burden of exhausting, complex workflows on their customers or employees.

‍

Are eSignatures Really Legal?

‍

Let’s start with the basics—documents signed electronically have the same legal protections as those signed with a good ol’ pen.

‍

Much of this is thanks to the Electronic Signatures in Global and National Commerce (E-SIGN) Act, which was enacted in the U.S. in 2000. The E-SIGN Act basically says that agreements, contracts, transactions, and other documents that are signed electronically shouldn’t be denied legality just because they don’t exist on paper.

4 Ways to Maximum Legality and Security Using eSignature Software

‍

Whether you choose to build your own eSignature platform (you must have an impressive tech team!) or partner with a provider that specializes in eSignature software (BTW, HelloSign has been named the easiest eSignature tool to implement for several years in a row), it’s critical that you use a solution with strong legality and security measures to protect your most valuable clients and transactions.

Bank-Level Security

‍

Bank-level security is a vital element for eSignature software as it assures that the data gathered from audit trails and authentication (both of which we’ll explore in this piece) is trustworthy.

‍

In addition, should an eSignature or digital document come under legal scrutiny, these bank-level security protocols will make sure it stands up in court.

That’s why we come out of the gate strong on security. At HelloSign, all your communications are safeguarded by Secure Sockets Layer (SSL) encryption. Each document is stored behind a firewall and authenticated against the sender’s session every time it’s requested. Documents are also encrypted with a unique key—each of which is in turn encrypted with a regularly rotated master key. So even if someone were able to bypass physical security, they still wouldn’t be able to decrypt your data.

To provide you with a transaction history, we track and timestamp various information—including IP and UserAgent info—from the moment the document is submitted for signature to when it is signed and completed. To help ensure that any tampering of your transaction log is detectable, we process each transaction with hashing technology. This provides a “copy” of every version of the document which you can use for comparison should a questionable version ever come to light.

Combine detailed audit trails with authentication that the signers were all who they said they were (which we’ll discuss next!) and bank-level security and you’re prepared to provide defensible proof of every time someone accessed, reviewed, and signed a document.

Thorough Authentication

‍

To maximize legality and security, it’s important that your eSignature platform takes major steps toward verifying that a user is who they say they are before they’re allowed to execute a signature or even access a document.

‍

Most commonly, capturing their IP address and proving a person had access to a specific email account and/or phone number is enough to connect them to the computer and software that was used when the eSignature was created.

‍

When using HelloSign, any person signing a document must either have login information for HelloSign or have received a request for signature via email. To ensure no one is able to access a HelloSign user account without permission to sign or send documents fraudulently, all user information including usernames and passwords are 256-bit SSL encrypted. We also seek to prevent others from accessing or using your account by timing-out sessions and emailing you every time a contract is sent to, received by, or signed by your account.

‍

In addition, we allow users to set up two-factor authentication which requires the entry of a unique code sent to a mobile device along with their username and password. Users can also enable a 4 to 12 digit code that signers must enter to view or sign a document. All of the authentication data that a user provides to HelloSign is encrypted and passwords are hashed and salted with an adaptive hashing algorithm.

Diligent Compliance Measures

‍

Failing to adhere to pertinent compliance regulations can result in repercussions ranging from costly fines to prosecution and even jail time. Why risk the security—or the revenue and the future—of your business on less-than-diligent information security standards?

The new eIDAS regulation for the EU of 2016 (EU Regulation 910/2014), which replaces the former European EC/1999/93 Directive

Privacy Shield

General Data Protection Regulation (GDPR)

In addition, here are just some of the many procedures we’ve put into place to meet compliance standards no matter your industry or the size of your business:

‍Information Security Policy

‍Acceptable Use Policy

‍Code of Conduct

‍Background checks for all employees

Endpoint encryption for all company-owned and/or -issued devices

Release Management Procedure

‍Change Management Procedure

‍Release notes

‍Access Provisioning, Termination, and User Access Review Procedure

Incident Response Plan

Business Continuity and Disaster Recovery Plan

‍Penetration Testing Program

‍Bug Bounty Program

‍Breach Notification Policy

Security and Risk Management Committee

Get in touch and we’ll help you determine if HelloSign is the right eSignature platform for your security and legality needs.

‍

Balance Legality, Security, and User Experience with HelloSign

‍

At HelloSign, we’re dedicated to helping organizations discover an eSignature solution that provides ease-of-use and exceptional security. Usability is important to your customers—but taking careful security, audit, authentication, and compliance measures is important to you and the legality of the business you conduct online.